Security
Headlines

GHSA-43mq-6xmg-29vm: Apache Struts file upload logic is flawed

File upload logic is flawed vulnerability in Apache Struts. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0, which fixes the issue. You can find more details in https://cwiki.apache.org/confluence/display/WW/S2-067

AuthQuake Flaw Allowed MFA Bypass Across Azure, Office 365 Accounts

SUMMARY Cybersecurity researchers at Oasis Security have identified a vulnerability in Microsoft’s Multi-Factor Authentication (MFA), known as AuthQuake,…

Cybersecurity Lessons From 3 Public Breaches

High-profile security incidents provide examples of how common vulnerabilities can be exploited. If you pay attention, you can learn from others' mistakes.

ABB Cylon Aspect 3.08.02 Unauthenticated Configuration Disclosure

The ABB Cylon Aspect BMS/BAS system suffers from an unauthenticated configuration disclosure vulnerability. This can be exploited to retrieve sensitive configuration data, including file paths, environment settings, and the location of system scripts. These exposed configuration files may allow an attacker to gain insights into the system's structure, facilitating further attacks or unauthorized access.

Tips for Preventing Breaches in 2025

Hackers are constantly evolving, and so too should our security protocols.

Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts

Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account. "The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the

ABB Cylon Aspect 3.08.01 Unauthenticated DB Download

An unauthenticated vulnerability in ABB Cylon Aspect BMS/BAS allows the download of an SQLite3 database file, exposing sensitive information stored in several tables. This vulnerability could lead to unauthorized access to system data, enabling information disclosure and potential exploitation of critical building management or automation systems.

ABB Cylon Aspect 3.08.02 (API/Servlets) Server-Side Request Forgery (SSRF)

ABB Cylon Aspect is affected by multiple Server-Side Request Forgery (SSRF) vulnerabilities. These vulnerabilities allow authenticated attackers to exploit APIs and internal functions to make arbitrary network requests. This could result in unauthorized access to internal systems, data exfiltration, or bypassing firewall protections.

New DCOM Attack Exploits Windows Installer for Backdoor Access

SUMMARY Cybersecurity researchers at Deep Instinct have uncovered a novel and powerful Distributed Component Object Model (DCOM) based…

Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. Thirty-one of the vulnerabilities are remote code execution flaws, and 27 of them allow for the